Problem in network configuration

J

jobbedf

New Member
Feb 5, 2023
17
0
1
Hello

I have a problem with my network configuration.

I have a web server where I run Virtualmin with domains and websites. When I test the websites via the browser, it work but when I test the websites via curl via ssh, I get for port 80 and port 443 a connection refused while the ports are allowed, opened and forwarded to the web server.

I took following network , I assigned vmbr1 and vmbr2 to the pfsense vm (for WAN and LAN) and I assigned vmbr2 to the web server.

Anyone who can help me out pls?

Config:
I took this example for my proxmox network config:
proxmox-root-server-architektur-1024x595.png

auto lo
iface lo inet loopback

auto ens33
iface ens33 inet static
address publicip/24
gateway gateway of public ip
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A PREROUTING -i ens33 -p tcp -m multiport ! --dport 22,8006 -j DNAT --to 10.0.0.2
post-up iptables -t nat -A PREROUTING -i ens33 -p udp -j DNAT --to 10.0.0.2

auto vmbr0
iface vmbr0 inet manual
bridge-ports none
bridge-stp off
bridge-fd 0

auto vmbr1
iface vmbr1 inet static
address 10.0.0.1/30
bridge-ports none
bridge-stp off
bridge-fd 0
post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/30' -o ens33 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/30' -o ens33 -j MASQUERADE

auto vmbr2
iface vmbr2 inet static
address 192.168.55.2/24
bridge-ports none
bridge-stp off
bridge-fd 0
 
Last edited:
jobbedf said:
auto vmbr0
iface vmbr0 inet manual
bridge-ports none
bridge-stp off
bridge-fd 0
Click to expand...
As far i'm concerned, your vmbr0 is not linked to a physical network, thus, will not work.

Edit1:
Here is one of my setups: https://imgur.com/a/reg6OlL
Proxmox is "behind" the firewall. Don't know if its the best practice, but its working fine.
 
Last edited:
hmohr said:
As far i'm concerned, your vmbr0 is not linked to a physical network, thus, will not work.

Edit1:
Here is one of my setups: https://imgur.com/a/reg6OlL
Proxmox is "behind" the firewall. Don't know if its the best practice, but its working fine.
Click to expand...
Hello, thanks for your awnser.

I'm new to Proxmox so I realy don't know how to connect the vmbr0 to the physical network. But I also have 1 physical interface with 1 ip.

Is it posible to send me of to post your /etc/network/interfaces -configuration? Because I'm also interessted in the Proxmox "behind" the firewall.

My /etc/network/interfaces -configuration of this setup is from this website: https://schroederdennis.de/allgemei...ver-mit-nur-1-public-ip-addresse-pfsense-nat/.

Or how can I then connect that vmbr0 so that it works? Because in that configuration, vmbr0 is set to manual (same as on that website).

And then could the unlinked vmbr0 be the problem? Because I haven't had a problem with the setup otherwise (during the few days it has been active). Like using ssh to connect to the VMs (via forwarded ports), HTTP(S), ...

Because I also think the vmbr0 is useless since everything is sent from ens33 to 10.0.0.2 (vmbr1) and from vmbr1 to ens33, isn't that so?
 
Last edited:
auto lo
iface lo inet loopback

iface eno1 inet manual

iface eno2 inet manual

iface enp16s0 inet manual

iface enx5ef3fc56e3ed inet manual

#Wan LINK
auto vmbr0
iface vmbr0 inet manual
bridge-ports eno1
bridge-stp off
bridge-fd 0

#Wan LINK
auto vmbr1
iface vmbr1 inet manual
bridge-ports eno2
bridge-stp off
bridge-fd 0

#LAN Link, same subnet as pfsense but with a static IP. Remember to fix that IP later on Pfsense so anyone else got it.
#Linked to enp16s0 that also have computers outside proxmox.
auto vmbr2
iface vmbr2 inet manual
address 192.168.1.10
gateway 192.168.1.1
bridge-ports enp16s0
bridge-stp off
bridge-fd 0

# Interface for VMS, if you don't have physical interfaces or no need to link to another network
auto vmbr3
iface vmbr3 inet manual
bridge-ports none
bridge-stp off
bridge-fd 0

You could try to setup pfsense first, and then go for the VMS.
 
hmohr said:
auto lo
iface lo inet loopback

iface eno1 inet manual

iface eno2 inet manual

iface enp16s0 inet manual

iface enx5ef3fc56e3ed inet manual

#Wan LINK
auto vmbr0
iface vmbr0 inet manual
bridge-ports eno1
bridge-stp off
bridge-fd 0

#Wan LINK
auto vmbr1
iface vmbr1 inet manual
bridge-ports eno2
bridge-stp off
bridge-fd 0

#LAN Link, same subnet as pfsense but with a static IP. Remember to fix that IP later on Pfsense so anyone else got it.
#Linked to enp16s0 that also have computers outside proxmox.
auto vmbr2
iface vmbr2 inet manual
address 192.168.1.10
gateway 192.168.1.1
bridge-ports enp16s0
bridge-stp off
bridge-fd 0

# Interface for VMS, if you don't have physical interfaces or no need to link to another network
auto vmbr3
iface vmbr3 inet manual
bridge-ports none
bridge-stp off
bridge-fd 0

You could try to setup pfsense first, and then go for the VMS.
Click to expand...
Thanks.

Is your pfsense also a VM in Proxmox?
So your traffic goes first to the firewall and then to the LAN? Because if I understand your setup good, I'll also take that setup.

Edit:
And your ports 22 and 8006, did you forward them also in the firewall if your pfsense if a VM in Proxmox? If so, can you maybe give an example about that rule so that I can understand that?
 
Last edited:
Hi jobbedf

If you allow me, I'd recommand you never ever to attach an IP-address to inteface directly.
Use bridges to set an IP.

In your case I would do it like this:

---------------------------------------------------------
auto lo
iface lo inet loopback

iface ens33 inet manual

auto vmbr0
#internet access (IPS given IP and subnet)
iface vmbr0 inet static
address xx.xxx.xx.xx/24
gateway xx.xxx.xx.1
bridge-ports ens33
bridge-stp off
bridge-fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m multiport ! --dport 22,8006 -j DNAT --to 10.0.0.2
post-up iptables -t nat -A PREROUTING -i vmbr0 -p udp -j DNAT --to 10.0.0.2

auto vmbr1
#private sub network
iface vmbr1 inet static
address 10.0.0.1/30
bridge-ports none
bridge-stp off
bridge-fd 0

post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/30' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/30' -o vmbr0 -j MASQUERADE

auto vmbr2
#if additional networks needed
iface vmbr2 inet static
address 192.168.55.2/24
bridge-ports none
bridge-stp off
bridge-fd 0
------------------------------------------------------------

Best regards
 

Attachments

  • ProxMox Public IP - pfSense.txt
    1 KB · Views: 8
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back